1 Introduction

With a fast development of information technology and internet infrastructure, it is very convenient to transmit and share all kinds of digital contents nowadays. This saves us much time and cost. However, the security issue needs much attention to prevent the unauthorized access of personal information. Many encryption algorithms have been proposed to protect the privacy of digital images transmitted over a public network. Among them, the approach of using chaotic systems for image encryption [14] has attracted much research interest in recent years.

Making use of the favorable characteristics such as high sensitivity to initial condition and parameters, ergodicity and pseudo-randomness, chaotic systems are employed for data encryption. In 1989, Matthews [5] suggested a chaos-based encryption algorithm. Traditional ciphers such as DES, AES and IDEA are block ciphers which may not have high performance in dealing with the large amount of data in an image. Therefore, researchers tried to design image cryptosystems based on chaos [610]. Experimental results show that this kind of image encryption scheme can effectively shuffle and diffuse the two-dimensional image pixels.

An effective encryption algorithm must possess a sufficiently large key space to prevent the brute-force attack. Low-dimensional systems fail to meet this requirement due to the small number of control parameters. On the contrary, hyperchaotic systems are usually high-dimensional systems which exhibit richer chaotic properties. In [11], a total shuffling function was employed to permute the image pixels while a hyperchaotic system was adopted to carry out the diffusion function. Zhu [12] proposed to generate a chaotic key stream by modifying the hyperchaotic sequences. Three phase functions possessing the necessary properties of a secure image encryption algorithm including the confusion and diffusion properties were designed by Kanso et al. [13] using 3D chaotic maps. Besides, there are many other image encryption algorithms [1422] found in the literature such as the S-box-based methods [2022]. However, most of them did not consider a natural phenomenon, i.e., time delay, which often appears in our daily life. If it is incorporated in image cryptosystems, the encryption process will become more practical and natural.

In this paper, we design a new chaos-based image cryptosystem making use of the time-delay concept. It possesses the classical architecture of the substitution-diffusion type [16]. We adopt a new position index permutation method, after preprocessed the pseudo-random sequence generated by a hyperchaotic system. This approach results in high randomness, uncorrelated adjacent pixels and low complexity [12, 19]. The bidirectional diffusion [8] is employed so that a single bit change in the plain-image could cause a large difference in the whole cipher-image. Image encryption can be applied in many areas such as military, meteorology and medical science. Some are in the form of patents [23, 24].

The rest of this paper is organized as follows. The proposed image encryption scheme is described in Sect. 2, with the details of time delay, position index permutation and diffusion. Partial algorithms are given and analyzed in this section. In Sect. 3, experimental results are presented to show the effectiveness of our scheme. The related security analyses including size of the key space, statistical analysis, and sensitivity analysis are discussed. Finally, a conclusion is drawn in Sect. 4.

2 The proposed image encryption scheme

The hyperchaotic system studied in [11] is adopted in our design. It is governed by the following set of equations with four control parameters a, b, c, d and four initial values x 0, y 0, z 0 and w 0:

$$ \left \{\begin{array}{l} \dot{x}=a(y-x) \\ \dot{y}=-xz+dx+cy-w \\ \dot{z}=xy-bz\\ \dot{w}=x+k \end{array} \right . $$
(1)

As stated in [11], the system is hyperchaotic (see Fig. 1) when the parameters are chosen as a=36, b=3, c=28,d=−16 and k∈[−0.7,0.7]. The system equations are solved using the fourth-order Runge–Kutta algorithm with step size h=0.001.

Fig. 1
figure 1

Hyperchaotic phenomenon on planes (axyz, (b) yzw, (czwx, (d) wxy

Full size image

The following preprocessing [12] is performed on the iteration values x j , y j , z j and w j to make them more random:

$$ s_{j}=s_{j}\times10^5- \mathrm{round}\bigl(s_{j}\times10^5\bigr),\quad j=1,2,3, \ldots $$
(2)

where the function round(s) rounds s to the nearest integer.

2.1 Time-delay function

The time-delay phenomenon can be observed in most natural processes. Here, we employ the classical logistic function (3) as the random number generator in our cryptosystem:

$$ \widetilde{x}_{j+1}=\mu \widetilde{x}_{j}(1- \widetilde{x}_{j}),\quad j=1,2,3,\ldots $$
(3)

The system is chaotic if μ∈(0.3569946,4]. We introduce time delay into the chaotic sequence x obtained from (1) by setting

$$ \overline{x}_{k}=x_{k+\tau_{k}^{(1)}},\quad k=1,2,3, \ldots $$
(4)

Here, \(\tau_{k}^{(1)}=0,1,2,\ldots\) denotes the kth time-delay value which is given by (3). Then we can update the x values using the time-delay concept and obtain \(\overline{x}\). Similar operations are performed for y, z, w with time delay \(\tau_{k}^{(2)}\), \(\tau_{k}^{(3)}\), \(\tau_{k}^{(4)}\), to form the new sequences \(\overline{y}\), \(\overline{z}\), \(\overline{w}\). As the time delay will cause extra time cost, we should limit it to an appropriate range. In this paper, we suppose that the time delay falls within t (t≤10 can meet the requirement) interval steps as given by (5):

$$ \tau_{i}=\mathrm{floor}\bigl(\mathrm{mod}\bigl( \widetilde{x}_{i}\times10^{3},t\bigr)\bigr),\quad i=1,2, \ldots $$
(5)

Here, the function floor(γ) rounds γ to the nearest integer less than or equal to γ while mod(γ,t) returns the remainder after dividing γ by t.

An ideal pseudo-random sequence must satisfy the essential properties such as uniform distribution, delta function of autocorrelation, and zero cross-correlation. To compare with the method in [12], three autocorrelation plots are shown in Fig. 2. Figure 2(c) shows a better autocorrelation performance than Figs. 2(a) and (b) when time delay is incorporated. Moreover, the cross-correlation plots depicted in Fig. 3 are better than those given by Fig. 2 in reference [12].

Fig. 2
figure 2

Autocorrelation comparison (a) before preprocessing, (b) after preprocessing, (c) after preprocessing with delay

Full size image
Fig. 3
figure 3

Cross-correlation plots (a) xy, (b) yz, (czw, (dwx

Full size image

In our substitution-diffusion type image cryptosystem, the sequences \(\overline{x}\) and \(\overline{y}\) generated by system (1) are used for permutation while the sequences \(\overline{z}\) and \(\overline{w}\) are employed for diffusion.

2.2 Permutation of position index

A permutation of plain-image pixels is usually performed to reduce the high correlation among neighboring pixels. A new method for permuting the position index is designed. Without loss of generality, we assume that the original plain-image A has a size of m×n.

We sort the chaotic sequences \(\overline{x}_{1,m\times n}\), \(\overline{y}_{1,m\times n}\) and A m×n using Program Fragment 1 and obtain the position index sequences \(\operatorname{ind}1\) and \(\operatorname{ind}2\).

Program Fragment 1

figure a

Along the row direction, we rearrange and permute the 2-D plain-image matrix A into a 1-D sequence y 1,m×n using (6)

$$ y(i)=A(f1,f2),\quad i=1,2,\ldots,m\times n $$
(6)

where \(f1=[\operatorname{ind}1/n]\), \(f2=\lceil \operatorname{ind}1,n \rceil\), [u] rounds u to the nearest integer towards infinity, and ⌈u,v⌉ returns the remainder of the division. In particular, when ⌈u,v⌉ is equal to 0, it should be replaced by the integer v, as stated in Program Fragment 2.

For the permutation in columns, we can use the same method by replacing \(\operatorname{ind}1\) with \(\operatorname{ind}2\). Then Program Fragment 3 is obtained by a straightforward modification on Program Fragment 2. After the row and column permutations have been performed, a new sequence is obtained, which is then rearranged to a 2-D matrix, i.e., the permuted image.

Program Fragment 2

(for row index permutation)

figure b

Program Fragment 3

(for column index permuta-tion)

figure c

From the original Lena image shown in Fig. 4(a), we obtain the permuted image depicted in Fig. 4(b). A comparison with the Arnold cat map and the traditional method of row and column permutation shows that our method leads to a stronger permutation effect. However, it is well-known that permutation-only operations cannot resist the chosen-plaintext and known-plaintext attacks. Hence, it is necessary to have the diffusion operation as described in the next subsection.

Fig. 4
figure 4

(a) The original Lena image; Permuted image using: (b) our method, (c) Arnold cat map, (d) classical row and column permutation

Full size image

2.3 Diffusion

Different from most of the existing cryptosystems, the double-direction diffusion [8] is applied on the permuted image. Firstly, forward diffusion from the first pixel to the last pixel is carried out by (8). However, \(\overline{z}_{i}\) and \(\overline{w}_{i}\) should be within [0,255] before they can be used in (7).

(7)
(8)

where c 0 is a selected constant, c i and c i−1 denote the current and the former encrypted pixels, respectively. In order to make the cryptosystem depend on the plain-image, we let c 0 be the average of the first and the last pixels of the permuted image. p i is the permuted pixel, \(\overline{z}_{i}\) denotes the ith element of the chaotic sequence, with \(\overline{z}_{0}\) equal to the first pixel of the permuted image. α 1,β 1 are two additional control parameters and + refers to the modular addition function.

For a good encryption scheme, a tiny change in the plain-image should influence every pixel in the cipher-image. The diffusion governed by (8) does not stop at the end, but to continue in the opposite direction, as given by

(9)

Here, e i ,c i are the ith current and former stage of the encrypted pixel, \(\overline{w}_{i}\) denotes the ith element of the chaotic sequence. α 2 and β 2 are two additional control parameters. To keep the natural order, we need to rearrange \(\overline{w}_{i}\) into its inverted sequence before performing the reverse diffusion (9).

When the above-mentioned bidirectional diffusion is finished, we obtain e. The final encrypted image is formed when e is rearranged into a matrix from top to bottom and from left to right.

The decryption procedures are similar to the encryption ones, but in a reversed order. The reverse forms of (9) and (8) are given by (10) and (11), respectively. The inversions of Program Fragments 2 and 3 are obtained by exchanging A and y. With the correct key, it is able to recover the plain-image from the cipher-image.

(10)
(11)

3 Experimental results and security analyses

All the operations are implemented using Matlab 7.0 on a personal computer equipped with an Intel(R) Core(TM) i3-2350M, 2.30 GHz CPU, running Windows 7. A 500×512 8-bit Barb image shown in Fig. 5(a) is chosen as the test image. Figure 5(b) depicts the corresponding cipher-image after the first round of the proposed encryption method. The initial conditions are a=36,b=3,c=28,d=−16,k=0.42, x 0=1.36,y 0=−3.87,z 0=10.4,w 0=−8.5 in system (1). Moreover, μ=4, \(\widetilde{x}_{0}^{(1)}=0.543\), \(\widetilde{x}_{0}^{(2)}=0.232\), \(\widetilde{x}_{0}^{(3)}=0.104\), \(\widetilde{x}_{0}^{(4)}=0.705\) in system (3) generate four different time-delay sequences.

Fig. 5
figure 5

Encryption test: (a) Barb image of size 500×512, (b) encrypted image, (c) decrypted image with x 0=1.36+10−14, (d) decrypted image with \(\widetilde{x}_{0}^{(1)}=0.543+10^{-14}\), (e) encrypted image with y 0=−3.87+10−14, (f) decrypted image from (e) with y 0=−3.87

Full size image

3.1 Key space analysis

To make the brute-force attack infeasible, the key space of an image encryption algorithm, including all the initial conditions and control parameters, should be sufficiently large. The key space of our algorithm is constructed by x 0,y 0,z 0,w 0 in system (1), \(\widetilde{x}_{0}^{(1)}\), \(\widetilde{x}_{0}^{(2)}\), \(\widetilde{x}_{0}^{(3)}\), \(\widetilde{x}_{0}^{(4)}\) in system (3). The control parameters such as μ, α 1, α 2, β 1 and β 2 are not counted. Thus, the size of key space can reach 10112 if the computation precision is 10−14. It is large enough to resist brute-force attack.

3.2 Sensitivity analysis

A good encryption scheme should be sensitive to every secret key. From the perspective of cryptography, a totally different cipher-image should be obtained even for a tiny change in the key. Furthermore, the cryptosystem should also be sensitive to the plain-image. A bit difference in any pixel should lead to a completely different encryption result. Figures 5(c) and (d) show the decrypted images using a wrong key with only a 10−14 difference in x 0 and \(\widetilde{x}_{0}^{(1)}\), respectively. Figure 5(e) presents a completely different encrypted image if 10−14 is added to y 0 while Fig. 5(f) depicts the corresponding decrypted image using the original y 0.

3.3 Statistical analysis

In this subsection, we perform statistical analysis using another image Cameraman of size 256×256, as shown in Fig. 6(a).

Fig. 6
figure 6

Histogram: (a) Cameraman of size 256×256, (b) histogram of (a), (c) histogram of the encrypted image, (d) histogram of the encrypted image using a different key y 0, (e) histogram of the decrypted image using a wrong key y 0

Full size image

3.3.1 Histogram

The statistical properties of an image can be characterized by the histogram showing the distribution of the pixel values [19]. Figure 6(b) is the histogram of the plain-image shown in Fig. 6(a). Figure 6(c) shows the histogram of the encrypted image. It is different from Fig. 6(d) which corresponds to a small change in the key y 0. Figure 6(e) depicts the histogram of the decrypted image using a wrong key. From these histograms, we can conclude that the proposed chaotic encryption algorithm can effectively flatten the histogram [9].

3.3.2 Correlation

The correlation of two adjacent pixels in a natural image is high. Therefore, it should be reduced by a permutation of the image pixels. If the encryption algorithm is effective, the encrypted image should have a low correlation among neighboring pixels. To evaluate the degree of correlation, 2500 pairs of adjacent pixels in horizontal, vertical and diagonal directions are randomly selected. The correlation coefficients are computed using (12) and the corresponding results are listed in Table 1. Figures 7(a) and (b) show the correlation distribution of two diagonal adjacent pixels in the plain-image and the cipher-image, respectively.

$$ r_{xy}=\frac{\mathrm{cov}(x,y)}{\sqrt{D(x)D(y)}} $$
(12)

where \(\mathrm{cov}(x,y)=\frac{1}{N}\sum_{i=1}^{N}(x_{i}-E(x))(y_{i}-E(y))\), \(D(x)=\frac{1}{N}\sum_{i=1}^{N}(x_{i}-E(x))^{2}\), \(E(x)=\frac{1}{N}\sum_{i=1}^{N}x_{i}\). where x i and y i represent the gray values of two adjacent pixels.

Fig. 7
figure 7

Correlation of two diagonal adjacent pixels: (a) plain-image, (b) cipher-image

Full size image
Table 1 Correlation coefficients
Full size table

3.4 Differential analysis

The strength of an image encryption algorithm against differential attack is usually measured by two indicators. The number of pixels change rate (NPCR) denotes the number of different pixels in the cipher-image when a pixel of the plain-image is altered. The unified average changing intensity (UACI) refers to the average intensity of the differences between the plain-image and the cipher-image These two performance indicators are calculated by (13) and (14), respectively. After one encryption round of the proposed algorithm is applied to the Lena image, we have NPCR=99.619 % and UACI=33.482 % which are close to the ideal values. The results for other plain-images can be found in Table 2 while the values at different number of encryption rounds using the Boat image of size 512×512 are listed in Table 3. In addition, the proposed scheme can well resist known-plaintext and chosen-plaintext attacks because the parameter key is related to the plain-image in the diffusion operation:

$$ \mathit{NPCR}=\frac{\sum_{ij}D(i,j)}{M\times N}\times100~\% $$
(13)
(14)

where D(i,j)=0 if C 1(i,j)=C 2(i,j); otherwise, D(i,j)=1.

Table 2 UACI and NPCR results (in %) using different plain-images
Full size table
Table 3 UACI, NPCR results (in %) and the running times at different number of rounds
Full size table

3.5 Speed analysis

In practical image transmission, the operation time must also be considered. We have measured the time cost in running the proposed encryption algorithm. It takes less than 0.14 s to encrypt an image of size 256×256 and 0.47 s for 512×512. Therefore, our algorithm is fast enough for practical applications.

4 Conclusion

A novel image encryption scheme based on time-delay and hyperchaotic system has been proposed. Time delay is introduced in the four chaotic sequences generated by a hyperchaotic system. Moreover, a position index permutation method is suggested which leads to a better permutation effect than existing methods. Together with the diffusion operation, our cryptosystem provides an effective and efficient way for protecting the privacy of digital images. These properties are justified by the experimental results on statistical, differential and running time analyses. Our encryption scheme also possesses the flexibility of using other hyperchaotic systems as the choice of the chaotic system is independent of the architecture of the cryptosystem.